In a HIMA survey of international rail experts, 77 percent of participants said that the topic of cybersecurity is growing in importance. For 58 percent, it is already important today. That’s good news as it shows that the industry is not naïve to digitization. However, the other side of the coin is that only very few are prepared for cybersecure communication in the rail network – and many of them probably are not even aware of it.
New Risks in Communication
Operational safety has always been crucial in the rail industry. Comprehensive precautionary measures are a given, just as they are in functional safety. In addition to the safety instrumented system (SIS), communication between all components must be secured.
Two challenges emerge with digitization:
1. There are too many transmission standards.
Fieldbus systems such as Wire Train Bus, Multifunction Vehicle Bus, and Profinet control communications between train components. In future, protocols such as Train Real-time Data Protocol (TRDP) or Ethernet Train Backbone (ETB) could also enter the mix. It would be better if the industry were to use as few standard protocols as possible in order to simplify implementation and further development.
2. The level of security in existing standards is insufficient.
A potential communication standard is the network protocol Rail Safe Transport Application (RaSTA). Specially developed for railway signaling systems, RaSTA contains safety functions that offer a certain level of protection against cyber risks. However, it is not sufficient to deter cyberattackers.
Encryption Is Necessary, but Problematic
As it stands, safety providers must encrypt their safety-related communication. This not only applies to direct data exchange from SIS to SIS. Public and partially public networks, such as cellular networks and WLAN, have long been used for transmission. Transmission of this kind must also be protected with the same level of security.
A Single Fault Can Change Everything
The challenge is that communication is only considered functionally safe to the CENELEC SIL 4 standard when a single fault during data transmission will not affect other parts of the transmitted communication. In accordance with IEC 61784-3, this can be achieved if less than one out of 100 bits of data is disturbed during communication.
If the data being transmitted is in plain text, this is easy. But if a modern encryption method, such as Advanced Encryption Standard (AES), enters the frame, things look very different. After all, the more a small change to the original message affects the decrypted message, the more effective the encryption is. For technical safety certification, you should therefore expect far more than one error in every hundred bits. In fact, you must assume that every second bit is corrupted. Only then is CENELEC SIL 4 certification possible.
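The effect described above can be measured directly. The following Go program is an added example for this article, not code from HIMA, RaSTA or SafeEthernet: it encrypts a constructed three-block signalling telegram with AES-128 in CBC mode under a fixed demo key and IV (both assumptions chosen only for reproducibility), flips a single ciphertext bit as a transmission fault would, decrypts, and counts how many plaintext bits changed in each block. The block that carried the fault comes back roughly half scrambled (the 50 percent bit error probability the text refers to), the following block inherits exactly one flipped bit because of CBC chaining, and a plain-text telegram with the same fault loses exactly one bit.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"fmt"
	"math/bits"
)

// Fixed demo key and IV (constructed for this example; any fixed values
// work, they only make the run reproducible). AES-128 uses a 16-byte key.
var demoKey = []byte("0123456789abcdef")
var demoIV = []byte("fedcba9876543210")

// hammingBits counts the bit positions that differ between two
// equal-length byte slices.
func hammingBits(a, b []byte) int {
	n := 0
	for i := range a {
		n += bits.OnesCount8(a[i] ^ b[i])
	}
	return n
}

// flipBit returns a copy of data with the bit at bitIndex inverted,
// modelling a single-bit transmission fault.
func flipBit(data []byte, bitIndex int) []byte {
	out := append([]byte(nil), data...)
	out[bitIndex/8] ^= byte(1) << uint(bitIndex%8)
	return out
}

func newAES() cipher.Block {
	block, err := aes.NewCipher(demoKey)
	if err != nil {
		panic(err)
	}
	return block
}

// encryptCBC encrypts msg (length must be a multiple of the block size)
// with AES-128-CBC; no padding is applied, so the caller aligns the telegram.
func encryptCBC(msg []byte) []byte {
	if len(msg)%aes.BlockSize != 0 {
		panic("telegram length must be a multiple of 16 bytes")
	}
	out := make([]byte, len(msg))
	cipher.NewCBCEncrypter(newAES(), demoIV).CryptBlocks(out, msg)
	return out
}

// decryptCBC is the inverse of encryptCBC.
func decryptCBC(ct []byte) []byte {
	out := make([]byte, len(ct))
	cipher.NewCBCDecrypter(newAES(), demoIV).CryptBlocks(out, ct)
	return out
}

// BlockErrors encrypts msg, flips one ciphertext bit at bitIndex, decrypts,
// and returns the number of corrupted plaintext bits per 16-byte block.
func BlockErrors(msg []byte, bitIndex int) []int {
	damaged := decryptCBC(flipBit(encryptCBC(msg), bitIndex))
	res := make([]int, len(msg)/aes.BlockSize)
	for i := range res {
		lo, hi := i*aes.BlockSize, (i+1)*aes.BlockSize
		res[i] = hammingBits(msg[lo:hi], damaged[lo:hi])
	}
	return res
}

func main() {
	// Constructed 48-byte (three-block) telegram; not a real rail message format.
	msg := []byte("TRACK 07 CLEAR  LIMIT 080 KM/H  ACK SEQ 0001234 ")
	const fault = 5 // bit index inside block 0

	fmt.Printf("plain text, one fault: %d bit(s) corrupted of %d\n",
		hammingBits(msg, flipBit(msg, fault)), len(msg)*8)
	for i, n := range BlockErrors(msg, fault) {
		fmt.Printf("encrypted, one fault: block %d has %d of 128 bits corrupted\n", i, n)
	}
}
```

Run it with `go run .`; the first block's count sits near 64 of 128 bits, which is why a safety protocol layered over encryption has to be designed for the 50 percent case rather than the 1 percent case.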
The upcoming Edition 4 of IEC 61784-3 will include these stricter requirements for functionally safe communication. The problem remains that, currently, very few protocols are capable of meeting these requirements.
The Solution Stems from the Process Industry
These developments in the rail industry are already standard practice in industries such as oil and gas. As a partner to the process industry, HIMA developed the SafeEthernet transmission protocol more than 20 years ago. From the outset, the engineers took the above-mentioned bit error probability of 50 percent into account. The standardized protocol can be used without modification for safety-critical applications in the rail industry – and already fulfills the requirements of IEC standards that will apply in the future.